The European General Data Protection Regulation (GDPR)

The European General Data Protection Regulation (GDPR) will replace the European Data Protection Directive (Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data). As a result of the rapid technological advances, permanently growing digitalization and subsequent data scandals, the data protection guideline in its current form does not provide adequate protection for personal data. An innovative modernization was required. The GDPR aims to closing existing gaps, such as inordinately severe interventions in the privacy of individuals, the creation of new rights for affected persons, and penalties up to several millions of dollars, to prevent reckless handling of personal data.

The regulation has direct applicability and will therefore create a uniform data protection standard in all member states of the European Union; nevertheless opening clauses, which allows domestic legislature to adopt its own provisions ensure that national data protection law will continue to be observed.

The GDPR aims to protect fundamental rights and fundamental freedoms of persons and in particular their right to the protection of personal data (Article 1 II GDPR). The protection of persons in processing of personal data and the free circulation of such data is arranged in Article 1 I GPDR. Therefore the right to informational self-determination remains the basis of data protection law.

The innovations will benefit the affected parties, as their rights (right to be forgotten, additional information rights) have been strengthened. However, many provisions of the GDPR are based on existing legislation, so that the currently valid data protection regulations, policies etc. in the company are subject to a critical review.

We will inform you about various (new) aspects of the General Data Protection Regulation.

new aspects of the Bundesdatenschutzgesetz (BDSG)

Data Portability

Data Protection Officer

Information obligations against the affected persons in case of a data mishap